CompTIA PenTest+ Cert Guide (PT0-002)
(PT0-002.AB1)/ISBN:978-1-64459-340-0
The CompTIA PenTest+ Cert Guide exam measures a candidate's ability to perform penetration testing across cloud, hybrid environments, web applications, Internet of Things (IoT), and traditional on-premises environments.
Lessons
11+ Lessons | 423+ Exercises | 117+ Quizzes | 200+ Flashcards | 200+ Glossary of terms
TestPrep
85+ Pre Assessment Questions | 2+ Full Length Tests | 85+ Post Assessment Questions | 170+ Practice Test Questions
Hands-on lab
43+ LiveLab | 42+ Video tutorials | 01:34+ Hours
Here's what you will learn
Lessons 1: Introduction
- The Goals of the CompTIA PenTest+ Certification
- The Exam Objectives (Domains)
- Steps to Earning the PenTest+ Certification
- Facts About the PenTest+ Exam
- About the CompTIA PenTest+ PT0-002 Cert Guide
Lessons 2: Introduction to Ethical Hacking and Penetration Testing
- Understanding Ethical Hacking and Penetration Testing
- Exploring Penetration Testing Methodologies
- Building Your Own Lab
- Review All Key Topics
Lessons 3: Planning and Scoping a Penetration Testing Assessment
- Comparing and Contrasting Governance, Risk, and Compliance Concepts
- Explaining the Importance of Scoping and Organizational or Customer Requirements
- Demonstrating an Ethical Hacking Mindset by Maintaining Professionalism and Integrity
- Review All Key Topics
Lessons 4: Information Gathering and Vulnerability Scanning
- Performing Passive Reconnaissance
- Performing Active Reconnaissance
- Understanding the Art of Performing Vulnerability Scans
- Understanding How to Analyze Vulnerability Scan Results
- Review All Key Topics
Lessons 5: Social Engineering Attacks
- Pretexting for an Approach and Impersonation
- Social Engineering Attacks
- Physical Attacks
- Social Engineering Tools
- Methods of Influence
- Review All Key Topics
Lessons 6: Exploiting Wired and Wireless Networks
- Exploiting Network-Based Vulnerabilities
- Exploiting Wireless Vulnerabilities
- Review All Key Topics
Lessons 7: Exploiting Application-Based Vulnerabilities
- Overview of Web Application-Based Attacks for Security Professionals and the OWASP Top 10
- How to Build Your Own Web Application Lab
- Understanding Business Logic Flaws
- Understanding Injection-Based Vulnerabilities
- Exploiting Authentication-Based Vulnerabilities
- Exploiting Authorization-Based Vulnerabilities
- Understanding Cross-Site Scripting (XSS) Vulnerabilities
- Understanding Cross-Site Request Forgery (CSRF/XSRF) and Server-Side Request Forgery Attacks
- Understanding Clickjacking
- Exploiting Security Misconfigurations
- Exploiting File Inclusion Vulnerabilities
- Exploiting Insecure Code Practices
- Review All Key Topics
Lessons 8: Cloud, Mobile, and IoT Security
- Researching Attack Vectors and Performing Attacks on Cloud Technologies
- Explaining Common Attacks and Vulnerabilities Against Specialized Systems
- Review All Key Topics
Lessons 9: Performing Post-Exploitation Techniques
- Creating a Foothold and Maintaining Persistence After Compromising a System
- Understanding How to Perform Lateral Movement, Detection Avoidance, and Enumeration
- Review All Key Topics
Lessons 10: Reporting and Communication
- Comparing and Contrasting Important Components of Written Reports
- Analyzing the Findings and Recommending the Appropriate Remediation Within a Report
- Explaining the Importance of Communication During the Penetration Testing Process
- Explaining Post-Report Delivery Activities
- Review All Key Topics
Lessons 11: Tools and Code Analysis
- Understanding the Basic Concepts of Scripting and Software Development
- Understanding the Different Use Cases of Penetration Testing Tools and Analyzing Exploit Code
- Review All Key Topics
Hands-on LAB Activities
Information Gathering and Vulnerability Scanning
- Performing Zone Transfer Using dig
- Using dnsrecon
- Using Recon-ng to Gather Information
- Performing Reconnaissance on a Network
- Performing Nmap UDP Scan
- Using Nmap for User Enumeration
- Using Nmap for Network Enumeration
- Performing Nmap SYN Scan
- Conducting Vulnerability Scanning Using Nessus
Social Engineering Attacks
- Using BeEF
- Using the SET Tool
Exploiting Wired and Wireless Networks
- Using the EternalBlue Exploit in Metasploit
- Simulating the DDoS Attack
- Performing a DHCP Starvation Attack
- Understanding the Pass-the-hash Attack
- Performing ARP Spoofing
- Exploiting SMTP
- Exploiting SNMP
- Searching Exploits Using searchsploit
- Exploiting SMB
Exploiting Application-Based Vulnerabilities
- Exploiting Command Injection Vulnerabilities
- Exploiting a Website Using SQL Injection
- Performing Session Hijacking Using Burp Suite
- Cracking Passwords
- Conducting a Cross-Site Request Forgery Attack
Cloud, Mobile, and IoT Security
- Understanding Local Privilege Escalation
Performing Post-Exploitation Techniques
- Using OWASP ZAP
- Using the Task Scheduler
- Writing Bash Shell Script
- Performing an Intense Scan in Zenmap
- Using dig and nslookup Commands
- Creating Reverse and Bind Shells Using Netcat
- Hiding Text Using Steganography
- Using the Metasploit RDP Post-Exploitation Module
Tools and Code Analysis
- Finding Live Hosts by Using the Ping Sweep in Python
- Whitelisting an IP Address in the Windows Firewall
- Viewing Exploits Written in Perl
- Viewing the Effects of Hostile JavaScript in the Browser
- Using Meterpreter
- Performing Vulnerability Scanning Using OpenVAS
- Enumerating Data Using enum4linux
- Using Maltego to Gather Information
- Cracking a Linux Password Using John the Ripper
Exam FAQs
Network+, Security+ or equivalent knowledge. Minimum of 3-4 years of hands-on information security or related experience. While there is no required prerequisite, PenTest+ is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus.
$165
Performance-based and multiple choice
The exam contains a maximum of 85 questions.
165 minutes
750 (on a scale of 100-900)
A candidate can retake the exam only after 24 hours of the failed attempt.